Skip to content

added some more information about the security process #2696

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 22, 2013
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions contributing/code/security.rst
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,9 @@ solve the issue via pull requests, code reviews, and comments;

4. Once the fix is found, all involved projects collaborate to find the best
date for a joint release (there is no guarantee that all releases will be at
the same time but we will try hard to make them at about the same time).
the same time but we will try hard to make them at about the same time). When
the issue is not known to be exploited in the wild, a period of two weeks
seems like a reasonable amount of time.

The list of downstream projects participating in this process is kept as small
as possible in order to better manage the flow of confidential information
Expand All @@ -85,7 +87,7 @@ the Symfony security team.
As of today, the following projects have validated this process and are part
of the downstream projects included in this process:

* Drupal
* Drupal (releases typically happen on Wednesdays)
* eZPublish

Security Advisories
Expand Down